|
Home | Forums | Gallery | Register | Video Directory | FAQ | Members List | Calendar | Games | Today's Posts | Search | Chat Room |
|
Thread Tools | Display Modes |
#1
|
||||
|
||||
TA18-141A: Side-Channel Vulnerability Variants 3a and 4
TA18-141A: Side-Channel Vulnerability Variants 3a and 4
05-21-2018 01:54 PM Original release date: May 21, 2018 | Last revised: May 22, 2018 Systems Affected CPU hardware implementations Overview On May 21, 2018, new variants of the side-channel central processing unit (CPU) hardware vulnerabilities known as Spectre and Meltdown were publicly disclosed. These variants—known as 3A and 4—can allow an attacker to obtain access to sensitive information on affected systems. Description Common CPU hardware implementations are vulnerable to the side-channel attacks known as Spectre and Meltdown. Meltdown is a bug that "melts" the security boundaries normally enforced by the hardware, affecting desktops, laptops, and cloud computers. Spectre is a flaw that an attacker can exploit to force a CPU to reveal its data. Variant 3a is a vulnerability that may allow an attacker with local access to speculatively read system parameters via side-channel analysis and obtain sensitive information. Variant 4 is a vulnerability that exploits “speculative bypass.” When exploited, Variant 4 could allow an attacker to read older memory values in a CPU’s stack or other memory locations. While implementation is complex, this side-channel vulnerability could allow less privileged code to
Side-Channel Vulnerability Variants 3a and 4 may allow an attacker to obtain access to sensitive information on affected systems. Solution Mitigation NCCIC recommends users and administrators
Link to Vendor InformationDate AddedAMDMay 21, 2018ARMMay 21, 2018IntelMay 22, 2018MicrosoftMay 21, 2018RedhatMay 21, 2018 References
More... |
Sponsored Links |
|